<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>SAML invalidate API | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'security-api-saml-invalidate.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-saml-invalidate.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/security-api-saml-invalidate.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/security-api-saml-invalidate.html" rel="nofollow" target="_blank">../en/security-api-saml-invalidate.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="rest-apis.html">REST APIs</a></span>
»
<span class="breadcrumb-link"><a href="security-api.html">Security APIs</a></span>
»
<span class="breadcrumb-node">SAML invalidate API</span>
</div>
<div class="navheader">
<span class="prev">
<a href="security-api-saml-logout.html">« SAML logout API</a>
</span>
<span class="next">
<a href="security-api-ssl.html">SSL certificate API »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="security-api-saml-invalidate"></a>SAML invalidate API<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-invalidate-api.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>Submits a SAML LogoutRequest message to Elasticsearch for consumption.</p>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<p>This API is intended for use by custom web applications other than Kibana.
If you are using Kibana, see the <a class="xref" href="saml-guide.html" title="Configuring SAML single-sign-on on the Elastic Stack"><em>Configuring SAML single-sign-on on the Elastic Stack</em></a>.</p>
</div>
</div>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-invalidate-request"></a>Request<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-invalidate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p><code class="literal">POST /_security/saml/invalidate</code></p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-invalidate-desc"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-invalidate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The logout request comes from the SAML IdP during an IdP initiated Single Logout.
The custom web application can use this API to have Elasticsearch process the <code class="literal">LogoutRequest</code>.
After successful validation of the request, Elasticsearch invalidates the access token
and refresh token that corresponds to that specific SAML principal and provides
a URL that contains a SAML LogoutResponse message, so that the user can be
redirected back to their IdP.</p>
<p>Elasticsearch exposes all the necessary SAML related functionality via the SAML APIs.
These APIs are used internally by Kibana in order to provide SAML based
authentication, but can also be used by other custom web applications or other
clients. See also <a class="xref" href="security-api-saml-authenticate.html" title="SAML authenticate API">SAML authenticate API</a>,
<a class="xref" href="security-api-saml-prepare-authentication.html" title="SAML prepare authentication API">SAML prepare authentication API</a>,
and <a class="xref" href="security-api-saml-logout.html" title="SAML logout API">SAML logout API</a>.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-invalidate-request-body"></a>Request body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-invalidate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">acs</code>
</span>
</dt>
<dd>
(Optional, string) The Assertion Consumer Service URL that matches the one of the SAML
realm in Elasticsearch that should be used. You must specify either this parameter or the <code class="literal">realm</code> parameter.
</dd>
<dt>
<span class="term">
<code class="literal">queryString</code>
</span>
</dt>
<dd>
  (Required, string) The query part of the URL that the user was redirected to by the SAML
  IdP to initiate the Single Logout. This query should include a single
  parameter named <code class="literal">SAMLRequest</code> that contains a SAML logout request that is
  deflated and Base64 encoded. If the SAML IdP has signed the logout request,
  the URL should include two extra parameters named <code class="literal">SigAlg</code> and <code class="literal">Signature</code>
  that contain the algorithm used for the signature and the signature value itself.
In order for Elasticsearch to be able to verify the IdP’s signature, the value of the queryString field must be an exact match to the string provided by the browser.
The client application must not attempt to parse or process the string in any way.
</dd>
<dt>
<span class="term">
<code class="literal">realm</code>
</span>
</dt>
<dd>
(Optional, string) The name of the SAML realm in Elasticsearch the configuration. You must specify
either this parameter or the <code class="literal">acs</code> parameter.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-invalidate-response-body"></a>Response body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-invalidate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">invalidated</code>
</span>
</dt>
<dd>
(integer) The number of tokens that were invalidated as part of this logout.
</dd>
<dt>
<span class="term">
<code class="literal">realm</code>
</span>
</dt>
<dd>
(string) The realm name of the SAML realm in Elasticsearch that authenticated the user.
</dd>
<dt>
<span class="term">
<code class="literal">redirect</code>
</span>
</dt>
<dd>
(string) A SAML logout response as a parameter so that the user can be
redirected back to the SAML IdP.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="security-api-saml-invalidate-example"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/rest-api/security/saml-invalidate-api.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The following example invalidates all the tokens for realm <code class="literal">saml1</code> pertaining to
the user that is identified in the SAML Logout Request:</p>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">POST /_security/saml/invalidate
{
  "queryString" : "SAMLRequest=nZFda4MwFIb%2FiuS%2BmviRpqFaClKQdbvo2g12M2KMraCJ9cRR9utnW4Wyi13sMie873MeznJ1aWrnS3VQGR0j4mLkKC1NUeljjA77zYyhVbIE0dR%2By7fmaHq7U%2BdegXWGpAZ%2B%2F4pR32luBFTAtWgUcCv56%2Fp5y30X87Yz1khTIycdgpUW9kY7WdsC9zxoXTvMvWuVV98YyMnSGH2SYE5pwALBIr9QKiwDGpW0oGVUznGeMyJZKFkQ4jBf5HnhUymjIhzCAL3KNFihbYx8TBYzzGaY7EnIyZwHzCWMfiDnbRIftkSjJr%2BFu0e9v%2B0EgOquRiiZjKpiVFp6j50T4WXoyNJ%2FEWC9fdqc1t%2F1%2B2F3aUpjzhPiXpqMz1%2FHSn4A&amp;SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&amp;Signature=MsAYz2NFdovMG2mXf6TSpu5vlQQyEJAg%2B4KCwBqJTmrb3yGXKUtIgvjqf88eCAK32v3eN8vupjPC8LglYmke1ZnjK0%2FKxzkvSjTVA7mMQe2AQdKbkyC038zzRq%2FYHcjFDE%2Bz0qISwSHZY2NyLePmwU7SexEXnIz37jKC6NMEhus%3D",
  "realm" : "saml1"
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/2133.console"></div>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">{
  "redirect" : "https://my-idp.org/logout/SAMLResponse=....",
  "invalidated" : 2,
  "realm" : "saml1"
}</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="security-api-saml-logout.html">« SAML logout API</a>
</span>
<span class="next">
<a href="security-api-ssl.html">SSL certificate API »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>